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CLAIMS 

1. Method for user identification and ascer- 
tainment of authenticity of parties in a telecommuni- 
cation system comprising: 
5 a telecommunication network (OM) ; 

a source system (LEI) connected to the telecommu- 
nication network (OM) ; 

a target system (LE2) connected to the telecommu- 
nication network (OM) ; 
10 said method comprising the steps of: 

storing user identifiers and associated passwords 
in the source system (LEI) and in the target system 
(LE2) ; 

logging on into the source system (LEI) by enter- 
15 ing a user identifier and a password corresponding to 
it; 

identifying the user in the source system (LEI) ; 
setting up a remote session to the target system 
(LE2) ; 

20 characterized in that in that the 

method further comprises the steps of: 

generating identical indexed encryption keys in 
the source system (LEI) and in the target system 
(LE2) ; 

25 encrypting the password associated with the user 

identifier in the source system (LEI) using the en- 
cryption key indicated by a first index, and sending 
the encrypted data as well as the first index and the 
user identifier to the target system (LE2) ; 

30 encrypting the password associated with the user 

identifier in the target system (LE2) using an encryp- 
tion key indicated by the index received; 

performing a first comparison between the received 
password and the password encrypted in the target sys- 

35 tern (LE2) ; 

encrypting in the target system (LE2) the password 
received from the source system (LEI) using an encryp- 
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tion key indicated by a second index, and sending the 
encrypted data and the second index to the source sys- 
tem (LEI) ; 

encrypting the encrypted password initially sent 
5 from the source system (LEI) to the target system 

(LE2) again using the encryption key indicated by the 
second index received from the target system (LE2) ; 

performing a second comparison between the en- 
crypted password received from the target system (LE2) 
10 and the password encrypted in the source system (LEI) 
using the encryption keys indicated by the first and 
second indexes; and 

approving the setup of the remote session if the 
results of the comparisons are coincident. 
15 2. Method as defined in claim 1, char- 

acterized in that the setup of the remote ses- 
sion is prevented if the results of the first or the 
second comparison are not coincident. 

3. Method as defined in claim 1 or 2, 
20 characterized in that 

separate identification data is generated; 
the identification data is encrypted in the source 
system (LEI) using the encryption key indicated by the 
first index and the encrypted data is sent to the tar- 
25 get system (LE2) ; 

the identification data received from the source 
system (LEI) is encrypted in the target system (LE2) 
using the encryption key indicated by the second index 
and the encrypted data as well as the second index are 
30 sent back to the source system (LEI) ; 

the identification data encrypted using the en- 
cryption key indicated by the first index which was 
initially sent to the target system (LE2) is encrypted 
again in the source system (LEI) using the encryption 
35 key indicated by the second index received from the 
target system (LE2) ; 

a third comparison is performed between the en- 
crypted identification data received from the target 
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system (LE2) and the identification data just en- 
crypted in the source system (LEI) ; and 

the setup of the remote session is approved if the 
result of the comparison is coincident, 
5 4. Method as defined in claim 3, char- 

acterized in that the setup of the remote ses- 
sion is prevented if the result of the third compari- 
son is not coincident. 

5 . Method as defined in any one of the pre- 
10 ceding claims 1-4, characterized in that 
the identification data is sent simultaneously 
with the user data; or 

the identification data is sent in separation from 
the user data. 

15 6. Method as defined in any one of the pre- 

ceding claims 1 - 5, characterized in that 
time data and/or data individualizing the source sys- 
tem is added to the identification data. 

7. Method as defined in any one of the pre- 
20 ceding claims 1 - 6, characterized in that 

the encryption keys are generated using a certain pre- 
determined algorithm. 

8 . Method as defined in any one of the pre- 
ceding claims 1 - 7 , characterized in that 

25 the encryption keys are stored on a special encryption 
key list. 

9. Method as defined in any one of the pre- 
ceding claims 1 - 8, characterized in that 
the index is generated on a random basis or on the ba- 

30 sis of a predetermined algorithm. 

10. Method as defined in any one of the pre- 
ceding claims 1 - 9, characterized in that 
a one-way encryption algorithm is used for the encryp- 
tion of data in the source system (LEI) and in the 

35 target system (LE2) . 

11. Method as defined in any one of the pre- 
ceding claims 1 - 10, characterized in that 
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the telecommunication system is a telephone exchange 
system. 

12. Method as defined in . any one of the pre- 
ceding claims 1-11, characterized in that 

5 the source system (LEI) and/or the target system (LE2) 
are telephone exchanges. 

13. Method as defined in any one of the pre- 
ceding claims 1-12, characterized in that 
the telecommunication network (OM) is an operation and 

10 maintenance network. 

14. System for user identification and ascer- 
tainment of authenticity of parties in a telecommuni- 
cation system comprising: 

a telecommunication network (OM) ; 
15 a source system (LEI) connected to the telecommu- 

nication network (OM) ; 

a target system (LE2) connected to the telecommu- 
nication network (OM) ; 

in which system it is possible to store user 
20 identifiers and associated passwords in the source 
system (LEI) and in the target system (LE2) , log on 
into the source system (LEI) by entering a user iden- 
tifier and a password corresponding to it, identify 
the user in the source system (LEI) and set up a re- 
25 mote session to the target system (LE2) ; 

characterized in that the system 
comprises: 

means (1) for generating identical indexed encryp- 
tion keys in the source system (LEI) and in the target 
30 system (LE2) ; 

means (2) for encrypting data in the source and 
target systems using an encryption key indicated by an 
index; 

means (3) for transmitting data between the source 
35 and target systems; 

means (4) for performing a comparison in the 
source and target systems; 
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means (5) for approving the setup of a remote ses- 
sion. 

15. System as defined in claim 14, char- 
acterized in that the system comprises means 

5 (6) for preventing the setup of a remote session. 

16. Method as defined in claim 14 or 15, 
characterized in that the system comprises 
means (7) for generating identification data and add- 
ing time data and/or data individualizing the source 

10 system to the identification data. 

17. System as defined in any one of the pre- 
ceding claims 14 - 16, characterized in 
that the system comprises an encryption key list (8) 
for the storage of encryption keys. 

15 18. System as defined in any one of the pre- 

ceding claims 14 - 17, characterized in 
that the system comprises means (9) for generating an 
index on a random basis or on the basis of a predeter- 
mined algorithm. 

20 19. System as defined in any one of the pre- 

ceding claims 14 - 18, characterized in 
that the telecommunication system is a telephone ex- 
change system. 

20. System as defined in any one of the pre- 
25 ceding claims 14 - 19, characterized in 

that the source system (LEI) and/or the target system 
(LE2) are telephone exchanges. 

21. System as defined in any one of the" pre- 
ceding claims 14 - 20, characterized in 

3 0 that the telecommunication network (OM) is an opera- 
tion and maintenance network. 



